The package rpms/skopeo.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/skopeo.git/commit/?id=695f6943fbc....
Change:
+%ifarch x86_64
Thanks.
Full change:
============
commit 7264a5da1f30f4ff28f7dc68fab56b735218347f
Author: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
Date: Fri Dec 4 23:58:43 2020 -0500
skopeo-1:1.2.1-30.dev.git5b8fe7f
- harden cgo binaries
Reported-by: Wade Mealing <wmealing(a)gmail.com>
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
diff --git a/skopeo.spec b/skopeo.spec
index f39cc30..0718abd 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -43,7 +43,7 @@
Name: %{repo}
Epoch: %{conditional_epoch}
Version: 1.2.1
-Release: 29.dev.git%{shortcommit0}%{?dist}
+Release: 30.dev.git%{shortcommit0}%{?dist}
Summary: Inspect container images and repositories on registries
License: ASL 2.0
URL: %{git0}
@@ -460,6 +460,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test
%changelog
+* Sat Dec 5 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> -
1:1.2.1-30.dev.git5b8fe7f
+- harden cgo binaries
+- Reported-by: Wade Mealing <wmealing(a)gmail.com>
+
* Fri Dec 4 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> -
1:1.2.1-29.dev.git5b8fe7f
- autobuilt 5b8fe7f
commit 695f6943fbcd54e9be06ee2d9f42e773e906f952
Author: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
Date: Fri Dec 4 23:57:25 2020 -0500
harden cgo based binaries
Reported-by: Wade Mealing <wmealing(a)gmail.com>
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
diff --git a/skopeo.spec b/skopeo.spec
index 70c449c..f39cc30 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -31,19 +31,14 @@
%global project containers
%global repo skopeo
#
https://github.com/containers/skopeo
-%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
-%global import_path %{provider_prefix}
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path}
%global commit0 5b8fe7ffa535c2d3fc92440ce92e249c6ad8b411
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# Used for comparing with latest upstream tag
# to decide whether to autobuild (non-rawhide only)
-%global built_tag v0.2.0
-
-# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
-# manually listed arches due
https://bugzilla.redhat.com/show_bug.cgi?id=1391932 (removed
ppc64)
-ExcludeArch: ppc64
+%global built_tag v1.2.0
Name: %{repo}
Epoch: %{conditional_epoch}
@@ -298,6 +293,13 @@ sed -i 's/install-docs: docs/install-docs:/' Makefile
mkdir -p
src/github.com/containers
ln -s ../../../ src/%{import_path}
+export CGO_CFLAGS='-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects
-fexceptions -fasynchronous-unwind-tables -fstack-protector-strong
-fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64'
+%ifarch x86_64
+export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection"
+%endif
+# These extra flags present in %%{optflags} have been skipped for now as they break the
build
+#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+
mkdir -p vendor/src
for v in vendor/*; do
if test ${v} = vendor/src; then continue; fi